From f467a13ba205ef7b24832c9f134627ac829a50ba Mon Sep 17 00:00:00 2001
From: Walter Hop <walter@lifeforms.nl>
Date: Thu, 15 Jun 2017 18:47:44 +0200
Subject: [PATCH] howtos: avoid unrestricted recursive resolution in 4.0.x
 ALIAS example

---
 docs/markdown/authoritative/howtos.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/markdown/authoritative/howtos.md b/docs/markdown/authoritative/howtos.md
index e5d985f29..2085bf52e 100644
--- a/docs/markdown/authoritative/howtos.md
+++ b/docs/markdown/authoritative/howtos.md
@@ -187,10 +187,11 @@ expand-alias=yes
 
 **note**: If `resolver` is unset, ALIAS expension is disabled!
 
-**note**: In PowerDNS Authoritative Server 4.0.x, the setting [`recursor`](settings.md#recursor) is used instead, and you should omit the [`expand-alias`](settings.md#expand-alias) setting:
+**note**: In PowerDNS Authoritative Server 4.0.x, the setting [`recursor`](settings.md#recursor) is used instead, and you should omit the [`expand-alias`](settings.md#expand-alias) setting. Note that setting [`recursor`](settings.md#recursor) will allow recursive queries to all clients by default, which you likely do not want for security reasons, so you should restrict this:
 
 ```
 recursor=[::1]:5300
+allow-recursion=::1, 127.0.0.1
 ```
 
 Then add the ALIAS record to your zone apex. e.g.:
-- 
2.40.0